I'm genuinely more excited for Apple's September 12, 2017 special event than I have been for any event since the iPhone 6. Still, Apple has now had two leaks leading up to the event, widely expected to include the announcement of iPhone 8, iPhone 8 Plus, and iPhone X, Apple Watch LTE, and Apple TV 4K HDR. The first one was an accident. The second one, not so much.
John Gruber, writing for Daring Fireball
Again: these URLs were not discovered by guessing the URLs, or because they were published at obvious URLs prematurely. Someone who works at Apple emailed these URLs to 9to5Mac and MacRumors — possibly without even knowing just how much information could be gleaned from these builds compared to the last developer beta builds. UPDATE: Let me clarify that sentence: whoever leaked these URLs knew it would be an incredibly damaging leak, if for no other reason than that they included the IPSW image for iPhone D22. The list of URLs they leaked included every device. The least amount of heretofore unknown information that was going to come out of this leak was massive, and whoever leaked it knew that. What I'm saying is they quite possibly didn't even know just how many little things, things I won't mention here for the sake of DF readers who are trying to stay spoiler-free for Tuesday's event, were spoiled by this leak.
That person should be ashamed of themselves, and should be very worried when their phone next rings.
My understanding is the same as John's: The leak was internal and malicious. And it was incredibly damaging to the company — a company that relies on surprise as a key way to generate marketing buzz and maintain excitement in the media. It's just about impossible to believe anyone in a position to leak those links wouldn't know that.
From Apple's perspective that means, come Tuesday afternoon, instead of hearing about the announcements and the surprises, we'll be hearing about how the leaks were confirmed and, from those in the media who continually mistake cynicism for intelligence, how "boring" Apple has become. (Imagine a movie critic reading a leaked plot to "The Last Jedi" and then claiming the movie lacked surprises...)
As hard as it is to believe someone inside Apple would leak the firmware, it just as hard to believe such a leak was possible. The firmware was live on the internet, protected only through obscured URL. That means, when the URLs were leaked, anyone could access the firmware. No VPN, login credentials, or other security checks required.
It's absolutely the fault of the leaker but my guess is that the days of security through obscurity are done and Apple locks down the firmware delivery process asap.
Update: Great point by Will Strafach on Twitter: Convenience is the enemy of security.
Same with the HomePod firmware leak from last month. That leak wasn't malicious. It was the result of a mistake, at least at first. Someone copied an un-flagged version of the file to a public rather than a private directory.
It's not at all hard to believe that mistakes happen. It's still hard to believe that those kinds of mistakes can happen, though.
My guess is that Apple locks down that process asap as well, with both digital and human checks and safeguards.
I'm sure most people at Apple are too apoplectic to look for it right now, but if there's a silver lining for them in all this, that's it. Legacy has hellacious inertia and old processes don't die easily. Often, people are too busy to even stop and think about improving things that currently get the job done, even if imperfectly.
Then something like this happens, and top to bottom, everyone's will becomes bent on making sure it doesn't happen again.
Update: I've got no beef with leaks or the coverage thereof. But the world is nuanced and there are multiple perspectives and truths. Leaks provide considerable attention for websites that cover Apple, including iMore. They also inform customers who may be considering whatever products are about to be released. From Apple's perspective, though, they're damaging. They cost sales [on current devices], depress marketing, and the security enhancements that follow make it harder for many to do their jobs. That, in turn, can affect the next generation of products.
Update 2: There's a narrative going around that claims these were "controlled leaks" or "publicity stunts" from Apple. No, they weren't. This is not the kind of publicity the company wants or needs. Apple lives for the big reveal at the big event on the big stage. You can love or leave the leaks, whatever suits you. But don't think for a minute Apple wanted them or is anything other than extremely frustrated by them.
We may earn a commission for purchases using our links. Learn more.
CEO of UK smartphone carrier EE tells employees a 5G iPhone is 'days away'
Marc Allera, CEO of EE, says that a 5G iPhone is "just days away" in a new video shared with the carrier's employees.
Czech girl tips off authorities to malicious apps on iOS and Android
Malicious apps on both iOS and Android reportedly clocked 2.4 million downloads and over $500,000 in revenue. The apps bombarded users with intrusive ads and even hid their icons to prevent users from uninstalling them.
People are making real money by selling icon sets for iOS 14 Home screens
Apple's recent launch of iOS 14 has seen people spending time, and money, on making their Home screens look perfect. And that's opened up business opportunities for artists.
Allergies have you sneezing in your own home? Get a smart air purifier!
Air purifiers are great for keeping the air in your home clean, and smart options take things to the next level with convenient, connected, controls. Here's our guide to the best smart Wi-Fi air purifiers that you can buy today.